Skip to main content

Trust and security

Built for careful stormwater compliance workflows

Last updated: June 2026

Rapid RUSLE keeps customer data focused on the workflow it supports: RUSLE inputs, project metadata, inspection scheduling records, and calculation or report outputs. This page summarizes the current trust posture for buyers, reviewers, and implementation teams.

Current assurance status: Rapid RUSLE does not currently claim SOC 2, HIPAA, ISO 27001, or formal regulatory certification. If a qualified customer deployment requires formal assurance, we can scope the correct readiness path with the customer.

Limited data collection

Rapid RUSLE is designed around the stormwater workflow it supports: account details, project metadata, RUSLE inputs, calculation outputs, inspection scheduling records, generated reports, and operational logs.

Professional review stays central

The product supports preparation, review, and documentation. It does not replace qualified professional judgment, permit obligations, or project specific verification.

Secure application access

Application traffic uses HTTPS with security headers including HSTS, content security policy, frame protection, and content type protection.

Restricted administrative access

Production access is limited to approved technical operators. Secrets are kept out of source control and administrative access is kept separate from customer accounts.

Practical retention and deletion

Customer project data is retained while an account is active. Export or deletion requests can be handled by written request, subject to legal and operational constraints.

Incident response readiness

If a security issue occurs, we identify and contain the issue, preserve relevant evidence, assess customer impact, remediate the cause, notify affected customers when appropriate, and document the follow up actions.

Data Rapid RUSLE is designed to handle

  • User account information such as name, email, and company
  • Company and project names
  • Project metadata entered by users
  • RUSLE input values and calculation related outputs
  • Inspection scheduling and documentation records when those features are used
  • Generated reports or supporting calculation details
  • Basic product usage, security, and operational logs

Data we avoid unless it is truly necessary

  • Payment card details handled directly by Rapid RUSLE
  • Social Security numbers
  • Protected health information
  • Unrelated personnel records
  • Sensitive legal, financial, or personal records that are not needed for the product workflow
  • Confidential documents that are not required for RUSLE calculation, inspection, or report workflows

Vendors and subprocessors

Rapid RUSLE uses a small set of infrastructure and product vendors to operate the service. The exact vendor list can change as product capabilities evolve, but the current categories include:

  • Hosting and server infrastructure
  • Supabase for application database and authentication services
  • Stripe for payment processing when subscriptions or invoices are used
  • Google services for maps, measurement, and selected product integrations
  • Email delivery services for transactional product notifications

Common buyer questions

These answers are intentionally conservative. We would rather be clear about the current posture than overstate controls that have not been formally audited.

Do you have SOC 2?

Not at this stage. Rapid RUSLE is taking a practical security first approach while enterprise requirements are validated. If SOC 2 becomes required for a customer deployment, we are prepared to scope that path with a compliance platform and independent auditor.

Do you support SSO?

Not in the current self serve product. If an enterprise buyer requires SSO, it can be scoped as part of an enterprise deployment.

Do you use customer data to train AI models?

Core RUSLE calculations are deterministic and reviewable. Rapid RUSLE does not rely on customer project data to train AI models. If AI assisted features are added, we will document what data is sent, to whom, for what purpose, and whether it is retained or used for training.

Can customers export or delete data?

Yes, by written request. Self serve account export and deletion capabilities may vary by product area, so support can help route requests and confirm the practical steps for a specific account.

Need a security review for your rollout?

For enterprise deployments, we can provide a practical trust review, confirm required controls, and scope any buyer specific assurance needs before rollout.

Contact Rapid RUSLE